Vulnerabilities > Google > Android > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-02 | CVE-2018-9499 | Use of Uninitialized Resource vulnerability in Google Android In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. | 5.5 |
| 2018-10-02 | CVE-2018-9493 | SQL Injection vulnerability in Google Android In the content provider of the download manager, there is a possible SQL injection due to improper input validation. | 5.5 |
| 2018-10-02 | CVE-2018-9452 | Improper Input Validation vulnerability in Google Android In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. | 5.5 |
| 2018-09-19 | CVE-2018-3574 | Improper Input Validation vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS. | 5.5 |
| 2018-09-18 | CVE-2018-11293 | Out-of-bounds Read vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. | 5.7 |
| 2018-09-18 | CVE-2018-11280 | Improper Input Validation vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. | 5.5 |
| 2018-09-18 | CVE-2018-11275 | Information Exposure vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs. | 5.5 |
| 2018-09-18 | CVE-2017-15844 | Out-of-bounds Read vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash. | 5.5 |
| 2018-08-07 | CVE-2018-5383 | Improper Verification of Cryptographic Signature vulnerability in multiple products Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | 6.8 |
| 2018-07-06 | CVE-2018-5865 | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. | 5.5 |